Metrics
Affected Vendors & Products
Solution
Please upgrade to FortiWeb version 7.6.4 or above Please upgrade to FortiWeb version 7.4.8 or above Please upgrade to FortiWeb version 7.2.11 or above Please upgrade to FortiWeb version 7.0.11 or above
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-25-150 |
![]() ![]() |
Thu, 14 Aug 2025 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fortinet
Fortinet fortiweb |
|
CPEs | cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* | |
Vendors & Products |
Fortinet
Fortinet fortiweb |
|
Metrics |
ssvc
|
Tue, 12 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: fortinet
Published:
Updated: 2025-08-13T20:13:42.515Z
Reserved: 2025-03-06T14:36:49.005Z
Link: CVE-2025-27759

Updated: 2025-08-13T14:13:41.723Z

Status : Analyzed
Published: 2025-08-12T19:15:28.957
Modified: 2025-08-14T01:21:25.770
Link: CVE-2025-27759

No data.

Updated: 2025-08-13T21:47:55Z